Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Governments don't need to wait for Adobe (Score 1) 161

What if this technology is already available and being used in combination with man-in-the-middle attacks for the modification of communications in real time? A state-sponsored malicious actor can even start wars between unsuspected countries. Governments don't need to wait for Adobe to write software for their cyberwar arsenals.

The only way to (try and) guard against this that I can think of is cryptographically signing and verifying all important communications, whether between country leaders or between corporations. Maybe this is necessary for personal communications too.

Submission + - Android Spyware Targets Business Executives (helpnetsecurity.com)

Orome1 writes: Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company. The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher. The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.

Submission + - Investigation into spyware-related political espionage case halted

An anonymous reader writes: Reuter reports that Switzerland's attorney general has halted an investigation into suspected political espionage at a Geneva hotel, which was opened a month after talks on Iran's nuclear plans took place.

The reason for opening the investigation in the first place was the spyware discovered on hotel computers.

The attorney general's office said it was suspending proceedings because no evidence regarding the perpetrators' identities had been obtained.

Submission + - Private phone and chat conversations ended up in tech company

Dex Hex writes: The Volkstrant reports: "The private communications of thousands of Dutch citizens has fallen into the hands of the Australian technology company Appen. It concerns telephone and chat conversations from 2010 and 2011. According to telecom experts, the only explanation is that this communication was tapped by the British intelligence service GCHQ and was then handed over to Appen with the aim of improving software for converting speech into text."

Can you believe the arrogance?

Comment Re:Those were marketing claims (Score 5, Interesting) 94

Indeed. Including the magic clause "[company] may rewrite the terms of service from time to time, and it's the users responsibility to check the website periodically [...]" solves all future problems.

I always believed that no court in the universe will find this valid. Are you sure it's allowed in the US?

Submission + - SPAM: Steel Structure in India

An anonymous reader writes: World leading pre engineered building solution provided by Saxena marine tech in India. We the largest market players and providing leading solution for PEB, Steel Building, and Pre engineered building and etc SML GROUP is being committed steel Buildings manufacturer from the list of pre engineered building manufacturers in India.
Link to Original Source

Submission + - SPAM: Key Points About iPhone App Developer Must Be Aware Of

An anonymous reader writes: With the rising in number of iPhone users, the development of apps is also increases. Now, Companies are looking for talented iPhone developer who has having top to bottom knowledge of iPhone. So here we have listed fundamental things that each developer should know about, before developing an iPhone App.
Link to Original Source

Submission + - The coral die-off crisis is a climate crime and Exxon fired the gun (theguardian.com) 1

mspohr writes: An article published by Bill McKibben in The Guardian points the finger at Exxon for spreading climate change denial which led to lack of action to prevent widespread coral die-off.
"We know the biggest culprits now, because great detective work by investigative journalists has uncovered key facts in the past year. The world’s biggest oil company, Exxon, knew everything there was to know about climate change by the late 1970s and early 1980s. Its scientists understood how much and how fast it was going to warm, and how much damage that was going to do. And the company knew the scientists were right: that’s why they started “climate-proofing” their own installations, for instance building their drilling rigs to accommodate the sea level rise they knew was coming.

What they didn’t do was tell the rest of us. Instead, they – and many other players in the fossil fuel industry – bankrolled the rise of the climate denial industry, helping fund the “thinktanks” and front groups that spent the last generation propagating the phoney idea that there was a deep debate about the reality of global warming. As a result, we’ve wasted a quarter century in a phoney argument about whether the climate was changing."

Submission + - NSA worried about implications of leaked toolkits (businessinsider.com)

wierd_w writes: According to business insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the "Shadow Brokers" absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market.

Among the concerns, are worries that active operations may have been exposed. Business insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (eg privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.

(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)

Submission + - Snowden Speculates Leak of NSA Spying Tools Is Tied To Russian DNC Hack (arstechnica.com)

An anonymous reader writes: Two former employees of the National Security Agency—including exiled whistleblower Edward Snowden—are speculating that Monday's leak of what are now confirmed to be advanced hacking tools belonging to the US government is connected to the separate high-profile hacks and subsequent leaks of two Democratic groups. Private security firms brought in to investigate the breach of the Democratic National Committee and a separate hack of the Democratic Congressional Campaign Committee have said that the software left behind implicates hackers tied to the Russian government. US intelligence officials have privately said they, too, have high confidence of Russian government involvement. Both Snowden and Dave Aitel, an offensive security expert who spent six years as an NSA security scientist, are speculating that Monday's leak by a group calling itself Shadow Brokers is in response to growing tensions between the US and Russia over the hacks on the Democratic groups. As this post was being prepared, researchers with Kaspersky Lab confirmed that the tools belong to Equation Group, one of the most sophisticated hacking groups they've ever investigated. "Why did they do it?" Snowden wrote in a series of tweets early Tuesday morning. "No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack." In a brief post of his own, Aitel agreed that Russia is the most likely suspect behind both the Democratic hacks and the leaking of the NSA spying tools. He also said the NSA data was likely obtained by someone with physical access to an NSA secure area who managed to walk out with a USB stick loaded with secrets.

Submission + - Windows UAC Bypass Permits Code Execution (threatpost.com)

msm1267 writes: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk.

The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start Powershell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC.

An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up.

Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.

Slashdot Top Deals

Promising costs nothing, it's the delivering that kills you.

Working...